d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ipfilter 5.1.2 no longer supports sysctl. Use ipf -V to determine if

Browse Source 
available (the kernel module is loaded or compiled into the kernel).

Approved by:	glebius (mentor)
Approved by:	re (blanket)
This commit is contained in:
Cy Schubert 2013-09-10 13:48:33 +00:00
parent 2402d97614
commit 854cb10a58
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=255450
3 changed files with 4 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
etc/rc.d/ipfilter
View File

@ -29,7 +29,7 @@ required_modules="ipl:ipfilter"
ipfilter_start()
{
echo "Enabling ipfilter."
if [ `sysctl -n net.inet.ipf.fr_running` -le 0 ]; then
if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
${ipfilter_program:-/sbin/ipf} -E
fi
${ipfilter_program:-/sbin/ipf} -Fa
@ -37,7 +37,6 @@ ipfilter_start()
${ipfilter_program:-/sbin/ipf} \
-f "${ipfilter_rules}" ${ipfilter_flags}
fi
${ipfilter_program:-/sbin/ipf} -6 -Fa
if [ -r "${ipv6_ipfilter_rules}" ]; then
${ipfilter_program:-/sbin/ipf} -6 \
-f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
@ -46,8 +45,7 @@ ipfilter_start()
ipfilter_stop()
{
# XXX - The ipf -D command is not effective for 'lkm's
if [ `sysctl -n net.inet.ipf.fr_running` -eq 1 ]; then
if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
echo "Saving firewall state tables"
${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}
echo "Disabling ipfilter."

2
etc/rc.d/ipfs
View File

@ -23,7 +23,7 @@ ipfs_prestart()
if ! checkyesno ipfilter_enable -o ! checkyesno ipnat_enable ; then
err 1 "${name} requires either ipfilter or ipnat enabled"
fi
if ! sysctl net.inet.ipf.fr_pass >/dev/null 2>&1; then
if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes' >/dev/null 2>&1; then
err 1 "ipfilter module is not loaded"
fi
return 0

2
etc/rc.d/ipmon
View File

@ -23,7 +23,7 @@ ipmon_precmd()
if ! checkyesno ipfilter_enable && ! checkyesno ipnat_enable ; then
err 1 "${name} requires either ipfilter or ipnat enabled"
fi
if ! sysctl net.inet.ipf.fr_pass >/dev/null 2>&1; then
if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes' >/dev/null 2>&1; then
err 1 "ipfilter module is not loaded"
fi
return 0